CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-18363 In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. | 5.3 | MEDIUM | β | 0 |
| CVE-2009-5042 python-docutils allows insecure usage of temporary files | 9.1 | CRITICAL | β | 0 |
| CVE-2009-5043 burn allows file names to escape via mishandled quotation marks | 9.8 | CRITICAL | β | 0 |
| CVE-2010-2490 Mumble: murmur-server has DoS due to malformed client query | 6.5 | MEDIUM | β | 0 |
| CVE-2019-18365 In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. | 4.3 | MEDIUM | β | 0 |
| CVE-2019-18366 In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-18367 In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-18368 In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | 7.3 | HIGH | β | 0 |
| CVE-2019-18369 In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-3419 A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific pa... | 5.7 | MEDIUM | β | 0 |
| CVE-2019-3421 The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the u... | 8.0 | HIGH | β | 0 |
| CVE-2019-12612 An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerabi... | 7.8 | HIGH | β | 0 |
| CVE-2019-16251 plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | 4.3 | MEDIUM | β | 0 |
| CVE-2019-18464 In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that c... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5150 An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading... | 8.9 | HIGH | β | 0 |
| CVE-2010-4817 pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | 5.5 | MEDIUM | β | 0 |
| CVE-2013-3097 Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | 6.1 | MEDIUM | β | 0 |
| CVE-2013-3366 Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | 8.8 | HIGH | β | 0 |
| CVE-2019-0382 A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in ord... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-0385 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-13555 In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-0389 An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and e... | 8.8 | HIGH | β | 0 |
| CVE-2019-0390 Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Con... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-0391 Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 4.3 | MEDIUM | β | 0 |
| CVE-2019-0393 An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields ... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-18923 Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | 6.1 | MEDIUM | β | 0 |
| CVE-2010-5108 Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permission... | 7.5 | HIGH | β | 0 |
| CVE-2019-0386 Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the re... | 6.3 | MEDIUM | β | 0 |
| CVE-2019-0388 SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-0396 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted sourc... | 7.1 | HIGH | β | 0 |
| CVE-2019-18240 In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18951 SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. | 7.5 | HIGH | β | 0 |
| CVE-2019-18952 SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3420 All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-3649 Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST requ... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-3650 Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET r... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-3651 Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentia... | 8.8 | HIGH | β | 0 |
| CVE-2019-3660 Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed ... | 8.4 | HIGH | β | 0 |
| CVE-2019-5251 There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installin... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-5029 An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into... | 9.8 | CRITICAL | β | 0 |
| CVE-2011-0544 phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-18954 Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js ... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-3640 Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server... | 4.8 | MEDIUM | β | 0 |
| CVE-2019-3661 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database comma... | 8.1 | HIGH | β | 0 |
| CVE-2019-3662 Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via c... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-3663 Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the sys... | 9.8 | CRITICAL | β | 0 |
| CVE-2011-1070 v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. | 7.8 | HIGH | β | 0 |
| CVE-2011-1136 In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | 4.7 | MEDIUM | β | 0 |
| CVE-2011-1145 The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | 7.8 | HIGH | β | 0 |
| CVE-2011-1488 A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of th... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.